adding external-dns policy support

Signed-off-by: Christopher Hein <me@christopherhein.com>
eksctl-io · Dec 17, 2018 · 1c4d0bc · 1c4d0bc
1 parent 66a7888
commit 1c4d0bc
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 0 deletions.
diff --git a/pkg/cfn/builder/iam.go b/pkg/cfn/builder/iam.go
@@ -146,5 +146,19 @@ func (n *NodeGroupResourceSet) addResourcesForIAM() {
 		)
 	}
 
+	if n.clusterSpec.Addons.WithIAM.PolicyExternalDNS {
+		n.rs.attachAllowPolicy("PolicyExternalDNSChangeSet", refIR, "arn:aws:route53:::hostedzone/*",
+			[]string{
+				"route53:ChangeResourceRecordSets",
+			},
+		)
+		n.rs.attachAllowPolicy("PolicyExternalDNSHostedZones", refIR, "*",
+			[]string{
+				"route53:ListHostedZones",
+				"route53:ListResourceRecordSets",
+			},
+		)
+	}
+
 	n.rs.newOutputFromAtt(cfnOutputInstanceRoleARN, "NodeInstanceRole.Arn", true)
 }
diff --git a/pkg/ctl/create/cluster.go b/pkg/ctl/create/cluster.go
@@ -85,6 +85,7 @@ func createClusterCmd(g *cmdutils.Grouping) *cobra.Command {
 
 	group.InFlagSet("Cluster add-ons", func(fs *pflag.FlagSet) {
 		fs.BoolVar(&cfg.Addons.WithIAM.PolicyAutoScaling, "asg-access", false, "enable iam policy dependency for cluster-autoscaler")
+		fs.BoolVar(&cfg.Addons.WithIAM.PolicyExternalDNS, "external-dns-access", false, "enable iam policy dependency for external-dns")
 		fs.BoolVar(&cfg.Addons.WithIAM.PolicyAmazonEC2ContainerRegistryPowerUser, "full-ecr-access", false, "enable full access to ECR")
 		fs.BoolVar(&cfg.Addons.Storage, "storage-class", true, "if true (default) then a default StorageClass of type gp2 provisioned by EBS will be created")
 	})

diff --git a/pkg/eks/api/api.go b/pkg/eks/api/api.go
@@ -193,5 +193,6 @@ type (
 	AddonIAM struct {
 		PolicyAmazonEC2ContainerRegistryPowerUser bool
 		PolicyAutoScaling                         bool
+		PolicyExternalDNS                         bool
 	}
 )